Cylinder Health, Inc. (“Cylinder Health,” “we,” “us,” or “our”) values our relationship with you and takes your privacy seriously. The purpose of this Privacy Policy is to identify how we may process, collect, store, share, and use the data that we collect from you in connection with your access to and use of our proprietary mobile application and web-based platform at https://app.cylinderhealth.com (collectively, the “Digital Platform”) as well as our marketing website, https://cylinderhealth.com (the “Marketing Site”). This Privacy Policy also describes your rights with respect to your Personal Information (defined below), as described in more detail below. “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
We may update this Privacy Policy at any time by posting the amended version to the Digital Platform or Marketing Site. We will announce any material changes to this Privacy Policy via email.
Please note that some of the information you provide is Protected Health Information (“PHI”) governed by the Health Insurance Portability and Accountability Act (“HIPAA”). Please see our HIPAA Notice of Privacy Practices to learn more about our collection, use, and disclosure of your PHI. To the extent there are inconsistencies between the HIPAA Notice of Privacy Practices you receive and this Privacy Policy, the HIPAA Notice of Privacy Practices will govern.
How to contact us
You can update your preferences with respect to your information by updating your contact information through the Digital Platform or Marketing Site or by contacting us at the email address or phone number below. Additionally, if you have any questions or concerns about this Privacy Policy or our use of your Personal Information, please do not hesitate to contact us through any of the methods listed below.
We collect information from you manually when you provide it to us and automatically when you access or use the Digital Platform or Marketing Site. We may also collect information about you—usually within the context of the Digital Platform—from your employer, health plan, and care team, which may consist of physicians, other health care professionals, and support personnel. This may include members of our own care team with whom you may communicate on or through the Digital Platform.
We may collect the following categories of information (which include Personal Information and PHI) from you, depending on your interactions with the Digital Platform or Marketing Site and the choices you make:
Categories of information
Description of category and sources of collection
How we use this information
Identifiers and business contact information
When you visit the Marketing Site, we collect certain electronic information automatically, including your IP address, unique identifiers, the type of browser you use, and other information. This information is collected via cookies and trackers, which are described further below. This information is not collected on the Digital Platform.
We may also collect from third parties contact information for representatives of prospective clients.
To provide company representatives with more relevant advertisements pertaining to the Marketing Site.
To inform company representatives of the availability of our services.
To provide, maintain, personalize, and improve the Marketing Site.
To monitor the usage of the Marketing Site.
To gather analysis and assess trends and interests and develop new products and services.
Contact information and account registration information for digital platform users
This is the Personal Information provided to us by you, your employer, or your health plan, or that you input when you register to access or learn more about the Digital Platform. This may include your name, address, email address, phone number, date of birth, gender, and health information.
To determine your eligibility to use the Digital Platform.
To communicate with you through the Digital Platform.
To respond to your questions and requests.
To create, maintain and personalize your account with us.
To provide customer support.
To notify you about changes to the Digital Platform.
To allow you to participate in interactive features of the Digital Platform when you choose to do so.
To contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you.
To perform other duties as required by law.
To gather analysis and assess trends and interests and develop new products and services.
Protected health information
The Digital Platform may access PHI submitted by you or your care team. Our collection, use, and disclosure of PHI are governed by separate terms and conditions between Cylinder Health and our customers, as well as by our HIPAA Notice of Privacy Practices. PHI should only be submitted through the Digital Platform as permitted or required for use of the Digital Platform.
The PHI we may collect from you, your employer, health plan, and other entities involved in your care may include:
The identifiers and contact information associated with your account;
Medical insurance details;
Information about physical and mental health conditions and diagnoses;
Treatments for medical conditions;
Genetic information;
Family medical history;
Symptoms and health history;
Medications an individual may take, including the dosage, timing, and frequency;
Lab or diagnostic results; or
Other results from clinical consultations or interaction
To determine your eligibility to use the Digital Platform.
To provide, maintain, and personalize the Digital Platform.
To create, maintain, and personalize your account with us.
We may collect the Personal Information you provide when you contact us with questions or feedback or otherwise correspond with us online through the Digital Platform or the Marketing Site.
To communicate with you through the Digital Platform or the Marketing Site.
To respond to your questions and requests.
To provide customer support.
Demographic data
We may collect the following Personal Information when you submit reviews or otherwise post through the Digital Platform:
Date of birth
Gender
State/region
Preferences
To determine your eligibility to use the Digital Platform.
To provide, maintain, personalize, and improve the Digital Platform.
To provide customer support
To monitor the usage of the Digital Platform.
To gather analysis and assess trends and interests.
Location information
We may collect general location information based on your IP address and as otherwise provided by you if you use features on the Marketing Site or Digital Platform that provide location-based services.
To provide you with location-based services.
To monitor the usage of the Digital Platform or Marketing Site.
To gather analysis and assess trends and interests.
Digital platform usage information
This can be information that is collected about you by automated means when you are using the Digital Platform, and this may include:
Information about your interactions with the Digital Platform, which includes the data and time of any information you enter into the Digital Platform and your interactions with other users of the Digital Platform.
User content you post to the Digital Platform including messages you send and/or receive and your interactions with our customer service team.
Technical data, which may include URL information, cookie data, web beacons and other tracking technology information, the types of devices you are using to access or connect to the Digital Platform, unique device IDs, device attributes, network connection type (e.g., WiFi, 3G, LTE, Bluetooth) and provider, network and device performance, browser type, language, and operating system. Further details about the technical data that is processed by us can be found below.
For more information about these technologies, including steps you can take to manage these technologies, please read below.
To optimize the display of the Digital Platform on your device.
To create, maintain and personalize your account with us.
To provide, maintain, personalize and improve the Digital Platform.
To provide customer support.
To monitor the usage of the Digital Platform.
To allow you to participate in interactive features of the Digital Platform when you choose to do so.
To gather analysis and assess trends and interests.
To detect, prevent, and address technical issues.
To help maintain the safety, security, and integrity of the Digital Platform.
We may use Personal Information to create anonymized and/or aggregated data that is no longer associated with individuals or our customers. We may use and share this information for our lawful purposes.
Disclosing your information
We may disclose your Personal Information with certain third parties, including under the following circumstances:
Software and service providers we use to manage and process your information, for example, providers of claims processing software, or services providers that we otherwise use to facilitate and operate our services and the Marketing Site or Digital Platform.
Healthcare-related entities involved in your treatment and care, such as pharmacies, physicians, and other healthcare providers, as well as health plans, claims processors, and other service providers that assist with health care operations. To learn more about these or similar types of disclosures as they relate to PHI, please refer to our HIPAA Notice of Privacy Practices.
Your employer and/or health plan, as necessary to facilitate your access to the Digital Platform, including payment and administrative tasks, and to evaluate and demonstrate the performance and quality of the Digital Platform. The information disclosed to your employer does not include PHI.
Clinical research organizations, researchers, and health care institutions. To the extent this information includes PHI, we will comply with the HIPAA requirements for authorization.
Product-related service providers, such as our vendors and manufacturers.
Marketing service providers we use to communicate with you.
Service providers to assist in marketing to prospective business-level clients.
Business partners, including those who provide a product or service in partnership or collaboration with us.
Law enforcement, government agencies, or other third parties pursuant to legal process or requirements (including laws requiring the reporting of certain circumstances) or to assist a government or law enforcement investigation.
Our attorneys, consultants, or similar advisors to assess or assert our legal or business interests.
Other third parties that you expressly request us to share your Personal Information with.
Additionally, we will share your Personal Information with third parties where required by law, where it is necessary in connection with the Digital Platform or Marketing Site, or where we have another legitimate interest in doing so. Please note that we may share de-identified information with third parties at our discretion.
Information that you submit to us via text messaging will not be shared with third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent will not be shared with any third parties.
If we are subject to a merger, acquisition, or similar business transaction with/by another company, we may share or transfer information with them in connection with the transaction.
How we safeguard your personal information
We have put in place commercially reasonable security measures designed to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration of your Personal Information. While we are committed to protecting your Personal Information, please understand that information communicated over the Internet is never 100% safe and secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. Any transmission of Personal Information is at your own risk.
How long we store your personal information
We will retain your Personal Information only for as long as is reasonably necessary for the legitimate business purposes set out in this Privacy Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal, accounting, or reporting obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Additionally, we may continue to store your Personal Information contained in our standard back-ups.
Tracking technologies and options regarding your personal information
We and our third-party providers use cookies, pixels, web beacons, and similar technologies to collect information over time when you use or access the Digital Platform or Marketing Site. These common tracking tools collect information about the pages you view, the functions that you access, and the buttons and icons you click. These tools also remember your login information and settings to make it easier and more efficient for you to use the Digital Platform or Marketing Site.
You can choose whether to accept cookies by changing the settings on your browser or device. However, if you choose to disable cookies, your experience with the Digital Platform or Marketing Site may be impaired, and some features may not work as they were intended. For more information regarding your choices with respect to cookies and other tracking technologies, please see “Your Rights and Options Regarding Your Personal Information” below. However, if you choose to disable these tools, your experience with the Digital Platform or Marketing Site may be impaired, and some features may not work as they were intended.
We do not recognize Do Not Track signals. We may, however, recognize and process other opt-out preference signals, which we will process as a request to opt out of selling, sharing, and/or targeted advertising for the Marketing Site in accordance with applicable law, such as the Global Privacy Control (“GPC”). To learn more about GPC, including how you may install or use the tool through your browser or browser extension, visit: https://globalprivacycontrol.org/
In addition to these steps, you may have other options to manage marketing communications and related data collection:
Marketing Preferences. You can opt-out from receiving marketing communications from us at any time by following the unsubscribe instructions included in each message , or contacting us as set forth under “How to Contact Us” above. Please allow sufficient time for your preferences to be processed. Even if you opt-out from receiving some or all marketing messages, we may still contact you to manage your account with us, for example, confirming or following up on an order or service request. If you later opt back in or resubscribe, we will send marketing communications to you.
Personalized Advertising on Marketing Site. If you do not wish to participate in advertising personalization, you can opt-out by following the directions provided within the applicable advertisement, through your account settings, or through disabling ad cookies through your browser settings. You may also opt out of receiving interest-based ads from LinkedIn, Facebook, and Google. You will continue to see ads on each platform, but they will not be personalized as a result of your actions on the Marketing Site. Please visit the links below if you wish to opt-out or update your preferences:
Use of Third Party Services. To the extent applicable, you can choose to limit the data that third-party services (e.g., social media platforms) share with us using the options provided to you by the applicable third-party service (for example, the options provided by a third-party social media platform when you connect your social media account with the Digital Platform). You can also disconnect your use of the Digital Platform from the third-party service at any time using the options provided by the applicable third-party service. Please note, however, that if you disconnect from the third-party service, that will not delete the data we may have previously collected while you were connected.
Rights regarding your personal information
You may have the following rights (“Data Subject Rights”) with respect to the Personal Information that we collect or process about you. (Your rights with respect to PHI are described in our HIPAA Notice of Privacy Practices.) Data Subject Rights differ depending on your place of residency, including the following U.S. states: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia. Please note that we reserve the right to honor your Data Subject Rights as required by applicable law, including any exceptions allowed to us under applicable law.
Right to Know/Access and Obtain a Copy: If you ask us, we will confirm whether we are processing your Personal Information. You may request certain details about the Personal Information we collect or disclose. Additionally, you may request that we provide you with a copy of all Personal Information you are lawfully entitled to receive.
Right to Amend: If you believe your Personal Information is inaccurate or incomplete, you are entitled to request that we correct or complete it.
Right to Delete: You may request that we delete or remove your Personal Information.
Right to Restrict Processing: You may ask us to restrict or “stop” the processing of your Personal Information in certain circumstances, such as if we process Personal Information that is considered “sensitive” under applicable state laws or engage in certain automated decision-making.
Right to Opt-Out of Targeted Advertising or Sharing (as applicable): Targeted advertising is the practice of serving you tailored advertisements based on your Personal Information gathered across other businesses, websites, applications, or services. Some jurisdictions may refer to this activity as “sharing.” As noted above, we do not engage in targeted advertising with respect to the Digital Platform.
Right to Opt-Out of Sales on the Marketing Site: You may request that we not “sell” your Personal Information. Currently, we do not sell Personal Information collected through or on the Digital Platform.
Right to Non-discrimination: We will not discriminate against you for exercising these rights, but we may charge a reasonable fee as permitted by law in fulfilling these rights, such as if you request multiple copies of your Personal Information.
Right to Appeal: If we deny your request to exercise your Data Subject Rights, you may have the right to appeal the decision with us. If you would like to appeal a prior decision, please submit an appeal request to us using the contact information listed at the end of this Privacy Policy. Please include “Appeal” in your request and information to help us locate your prior request. Additionally, you may have the ability to contact your state’s attorney general if you have concerns about the results of the appeal.
Only you, or someone legally authorized to act on your behalf, may request to exercise Data Subject Rights related to your Personal Information. Please understand that we are required to verify your request and may require you to provide some information to enable us to carry out such verification. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
Submitting a Data Subject Rights request does not require you to create an account with us. We will only use Personal Information provided with the request to verify the requestor’s identity or authority to make the request.
To submit a Data Subject Rights request, contact us using one of the means listed above in “How to Contact Us.”
Notice to California residents
We are required by the California Consumer Privacy Act of 2018, as amended (“CCPA”) to provide additional disclosures to California residents to explain how we collect, use, and disclose their Personal Information, and the rights and choices we offer California residents regarding our handling of their Personal Information.
In the past 12 months, we have collected the Personal Information described in “The Information We Collect” and disclosed it to third parties for the reasons identified in “The Information We Collect” and as listed in “Sharing Your Information.” The Personal Information listed in “The Information We Collect” may be categorized as follows under the CCPA:
Identifiers
Categories of Personal Information described in Cal. Civ. Code § 1798.80(e)
Characteristics of protected classifications under California or federal law
Commercial information
Internet or electronic network activity information
Geolocation data
Professional or employment-related information
Inferences drawn from certain demographic data
Sensitive Personal Information (health information that is not considered PHI, login credentials for your account with the Digital Platform, and the contents of messages that you send through the Marketing Site or Digital Platform)
We do not use or disclose Sensitive Personal Information for purposes other than those specified in Cal. Civ. Code § 1798.121.
We do not “sell” or “share” Personal Information collected through or on the Digital Platform.
Targeted advertising that we conduct on our Marketing Site (not the Digital Platform) may be considered a “sale” or “share” of Personal Information according to CCPA. Because we engage in this practice on the Site, we may have “sold” or “shared” identifiers, commercial information, and internet or electronic network activity information with third-party data analytics providers, social media networks, and marketing or advertising networks in the last 12 months. If you wish to request to opt out of this use of your information, please email with the subject line: Do Not Sell or Share My Personal Information. You may also submit this or other requests to exercise your rights under the CCPA by following the instructions in “How to Contact Us” listed above.
Transfer of data; special notice to non-U.S. users
Cylinder Health is a US-based provider, and our infrastructure – including databases and applications that handle and store Personal Information – is hosted in the US. As a result, it is necessary for us to transfer Personal Information within the United States to provide our services to users, pursuant to our relevant agreements with users and/or their employers or health plans.
Children’s information
The Digital Platform and Marketing Site are not intended for use by children under the age of 18. As such, we do not have actual knowledge that we sell or share the Personal Information of children under the age of 18. By using the Digital Platform or Marketing Site, you represent that you are at least 18. If you do not meet this age requirement, please do not access or use the Digital Platform or Marketing Site.
If we learn that we have collected Personal Information from a child under the age of 18, we will take reasonable steps to delete it unless we are legally obligated to retain such information. If you believe that we have collected information from a child under the age of 18, please contact us through one of the methods listed under “How to Contact Us” above.
Links to other websites
The Digital Platform or Marketing Site may contain links to third-party websites. We have no control over how these websites collect your information and are not responsible for the content, privacy policies, actions, or security of these websites. Please make sure to read the privacy statements of these other websites that collect your Personal Information.
Updates to this Privacy Policy
We may update this Privacy Policy from time to time and notify you in accordance with law, which may include email or other notice posted to the Digital Platform or Marketing Site. Any changes to this Privacy Policy will become effective when we notify you of the changes. Your use of the Digital Platform or Marketing Site following any such updates will constitute your acceptance of such updates.
